Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,23 @@
# where the ProviderConfig `default` and the referenced Secrets live.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# PAUSED until the platform WireGuard server (WS3) lands. Every resource here still
# carries WS3 placeholders β€” the WireGuard Client's peer endpoint IP + keys, the
# TrafficRoute's VPN-client network id, and the admin DNS records' gateway VIP
# (10.200.0.10, which does not exist yet). Applying them now would fail the
# Client/TrafficRoute on their placeholders AND create local DNS records that point
# the admin hostnames at a dead VIP β€” breaking LAN access to those UIs. So we hold
# every resource with `crossplane.io/paused`: once the provider is reachable it
# connects and can manage the controller, but touches nothing here until WS3 fills
# the real values. Unpause by removing this annotation β€” per-resource as each WS3
# dependency lands, or all at once when WS3 is complete.
#
# NOTE: `commonAnnotations` pauses EVERY resource in this kustomization β€” that is
# deliberate, since this file's whole resource set is WS3-gated. Do not add a
# resource here that must reconcile before WS3 lands; it would inherit the pause
# silently (put it in its own kustomization instead).
commonAnnotations:
crossplane.io/paused: "true"
resources:
- wireguard-vpn-client.yaml
- admin-dns.yaml
Comment thread
coderabbitai[bot] marked this conversation as resolved.